### [CVE-2023-38646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38646)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.

### POC

#### Reference
- http://packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.html

#### Github
- https://github.com/0utl4nder/Another-Metabase-RCE-CVE-2023-38646
- https://github.com/0xabdoulaye/CTFs-Journey
- https://github.com/0xrobiul/CVE-2023-38646
- https://github.com/20142995/sectool
- https://github.com/Anekant-Singhai/Exploits
- https://github.com/AnvithLobo/CVE-2023-38646
- https://github.com/Any3ite/cve-2023-38646-metabase-ReverseShell
- https://github.com/Awrrays/FrameVul
- https://github.com/Boogipop/MetabaseRceTools
- https://github.com/CN016/Metabase-H2-CVE-2023-38646-
- https://github.com/Chocapikk/CVE-2023-38646
- https://github.com/DarkFunct/CVE_Exploits
- https://github.com/Ego1stoo/CVE-2023-38646
- https://github.com/LazyySec/CVE-2023-38646
- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection
- https://github.com/Loginsoft-Research/Linux-Exploit-Detection
- https://github.com/Mrunalkaran/CVE-2023-38646
- https://github.com/MzzdToT/HAC_Bored_Writing
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Pumpkin-Garden/POC_Metabase_CVE-2023-38646
- https://github.com/Pyr0sec/CVE-2023-38646
- https://github.com/Red4mber/CVE-2023-38646
- https://github.com/SUT0L/CVE-2023-38646
- https://github.com/Shisones/MetabaseRCE_CVE-2023-38646
- https://github.com/Spectral-Source/Collaborator-like
- https://github.com/SrcVme50/Analytics
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/CVE
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/UserConnecting/Exploit-CVE-2023-38646-Metabase
- https://github.com/Xuxfff/CVE-2023-38646-Poc
- https://github.com/Zenmovie/CVE-2023-38646
- https://github.com/acesoyeo/METABASE-RCE-CVE-2023-38646-
- https://github.com/adriyansyah-mf/metabase
- https://github.com/alexandre-pecorilla/CVE-2023-38646
- https://github.com/asepsaepdin/CVE-2023-38646
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/birdm4nw/CVE-2023-38646
- https://github.com/churamanib/metabase-pre-auth-rce-poc-
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/fidjiw/CVE-2023-38646-POC
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/getdrive/PoC
- https://github.com/ggjkjk/1444
- https://github.com/gobysec/Research
- https://github.com/hadrian3689/metabase_preauth_rce
- https://github.com/hheeyywweellccoommee/CVE-2023-38646-glwax
- https://github.com/hheeyywweellccoommee/CVE-2023-38646-hmoje
- https://github.com/hheeyywweellccoommee/CVE-2023-38646-suynl
- https://github.com/hktalent/bug-bounty
- https://github.com/ibaiw/2023Hvv
- https://github.com/iluaster/getdrive_PoC
- https://github.com/int3x/ctf-writeups
- https://github.com/j0yb0y0h/CVE-2023-38646
- https://github.com/joaoviictorti/CVE-2023-38646
- https://github.com/junnythemarksman/CVE-2023-38646
- https://github.com/kh4sh3i/CVE-2023-38646
- https://github.com/lazysec0x21/CVE-2023-38646
- https://github.com/m3m0o/metabase-pre-auth-rce-poc
- https://github.com/massco99/Analytics-htb-Rce
- https://github.com/nenandjabhata/CTFs-Journey
- https://github.com/niTROCket51/ctf-writeups
- https://github.com/nickswink/CVE-2023-38646
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/passwa11/2023Hvv_
- https://github.com/passwa11/CVE-2023-38646
- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
- https://github.com/qiuluo-oss/Tiger
- https://github.com/raytheon0x21/CVE-2023-38646
- https://github.com/robotmikhro/CVE-2023-38646
- https://github.com/samurai411/toolbox
- https://github.com/securezeron/CVE-2023-38646
- https://github.com/shamo0/CVE-2023-38646-PoC
- https://github.com/syr1ne/exploits
- https://github.com/threatHNTR/CVE-2023-38646
- https://github.com/xchg-rax-rax/CVE-2023-38646
- https://github.com/xxRON-js/Collaborator-like
- https://github.com/yxl2001/CVE-2023-38646